SSL certificates authenticate website identity and provide security for online communications. Without these small data files, your site won’t function properly and become vulnerable to man-in-the-middle attacks. Managing your certificates efficiently is a task you shouldn’t take lightly. From following the best installation practices to renewing them on time, you should regularly check your SSL installation for potential errors.

Sometimes, you need to remove a certificate because it’s been compromised or stolen. But in most cases, you have to get rid of it before it expires to avoid encryption outages and keep sensitive data safe. Either way, no matter what server you use, there isn’t a single “delete” button to uninstall your certs.That’s why in this article, we’ll show how to remove SSL certificates from Windows 10. If you’re looking for instructions on how to install an SSL cert on Windows, check this comprehensive IIS SSL installation guide instead.

Before we begin, we encourage you to backup your certificates, as any modifications to root and intermediate certs may lead to unexpected errors. Follow the steps below to remove your certificate from Windows 10.

  1. Launch the Microsoft Management Console (MMC) by clicking the Windows icon on the taskbar and searching for “MMC”. 
  2. In the MMC, click the File button in the top-left corner and select Add/Remove Snap-in.
  3. Click Certificates in the left column, and then click Add to move it to the right column. Click OK to continue.
  4. From the Certificates Snap-in window, select Computer account to view certificates for all users on this machine and then click Next.
  5. On the next window, select Local computer (the computer this console is running on).
  6. Click Finish, and then OK to close the snap-in manager screen. You should then see a list of certificates on your local machine in the left-hand column of MMC.
  7. Now, you need to find the cert that you want to remove. Use the folder list on the left side to locate the certificate. Click the Third-Party Root Certification Authorities folder, then select Certificates.
  8. Find the certificate you want to remove and right-click on it. Select Properties. Then, in the General tab, in the section called Certificate purposes, select the Disable all purposes for this certificate radio button and then click Apply.
  9. Restart your server. And that should be it.

Every time you need to remove an SSL certificate from your server ensure you know exactly what files to disable. Deleting a wrong root or intermediate cert may cause SSL connection errors. The method we’ve provided is efficient when you’re dealing with a small number of certs. But if your company is deploying dozens of certificates for various needs, it’s better to automate the process and use SSL management tools.